16 June 2025
OECD ¦ Designing a Tax Crime Investigation Manual
Designing a Tax Crime Investigation Manual: Key Elements and Considerations
As tax crimes and associated illicit financial flows grow more complex and cross-border, jurisdictions need clear, practical guidance to investigate, prosecute and recover proceeds. A tax crime investigation manual (TCIM) turns strategy into operational practice by compiling legal references, investigative procedures, templates, approval paths and inter‑agency routines into a single, usable resource. Well designed, a TCIM helps investigators act quickly and lawfully, protects suspects’ rights, preserves evidence and assets, and strengthens co‑operation with other domestic and foreign authorities.
Purpose and scope of a manual
A TCIM should be a living operational tool for investigators and their managers. It must set out the mandate of the investigating body, describe the lifecycle of an investigation from referral to asset recovery, and capture the national legal framework and operational rules that govern information gathering, searches and seizures, interviews, arrests, disclosure, prosecution referrals and post‑case management. The manual should also explain how the tax crime function sits inside the whole‑of‑government architecture for fighting IFFs, including FIUs, prosecutors, police, financial and professional supervisors, customs and anti‑corruption authorities. Make the TCIM digitally accessible where possible, with searchable sections, links to legislation and standardised templates for warrants, notices, interview plans and evidence logs.
Design and governance
Design the manual for the investigators who will use it. Organise material so an investigator can find what they need quickly: lifecycle chapters (referral → selection → planning → evidence gathering → charging → prosecution → recovery) supported by checklists, templates and sample forms. Include an up‑to‑date directory of internal and external contact points (legal advisers, digital forensics, FIU, asset management office, prosecution focal points, foreign competent authorities), and a maintenance and review schedule. The manual must specify the internal governance for updates, list subject owners for each chapter, and mandate periodic reviews to reflect legislative change and lessons learned.
Legal foundations and limits
Every operational power described in the manual must be linked to the relevant statute or case law and to any required authorisations (internal approvals, prosecutor consent or judicial warrants). Provide clear, practical guidance about statutory thresholds and limitation periods, the legal tests that must be satisfied (e.g., reasonable cause, probable cause or “foreseeably relevant” for tax EOI), and the evidential standards prosecutors will apply. Where powers differ by offence severity, or by whether the investigation is civil or criminal, document those differences and the triggers that move a matter from administrative audit to criminal inquiry.
Case referral, selection and allocation
Set out all referral channels: internal intelligence, audit referrals, FIU products, whistleblower reports, inter‑agency referrals, public tips, and international requests. Provide a transparent case selection framework with criteria and thresholds, including materiality, seriousness, links to organised crime or money laundering, prospect of asset preservation and public interest considerations. Define roles for initial triage, case allocation, and specialist tasking (e.g., financial analysts, digital forensic examiners, covert ops). Maintain a documented decision and approval trail for selection and allocation.
Investigation planning and management
Require a written case plan for each investigation that defines scope, legal issues, key evidence required, asset preservation steps, a timeline, resource needs and risk mitigation. Plans should be living documents reviewed at regular intervals and at key milestones. Encourage multidisciplinary input — financial analysts, legal, cyber forensics, prosecution and asset recovery — early in the plan. Use formal panel reviews for complex or high‑value cases.
Information, evidence and asset tracing powers
Describe routine and non‑routine third‑party notice powers and provide standardised templates: bank account records, transaction lists, KYC files, accounting system exports, VASP records, payment‑service data, betting operator records, telecom and IP metadata, and registers (property, vehicles, company and BO registers). Distinguish lawful, authorised covert tools (intercepts, surveillance, undercover operations), and the approvals they need. Explain how to combine open‑source intelligence (social media, corporate registers, blockchain analysis and web scraping) with formal EOI or MLA requests.
Search, seizure and digital forensics
Provide a search checklist and a search‑plan template covering legal authority, site teams, command and control arrangements, safety assessment, preservation of evidential integrity, chain of custody, documentation, and public communications. Include separate, detailed procedures for handling digital media: seizure, forensically sound imaging, use of a DFL, preservation of metadata, and roles and timelines for forensic analysis. Clarify how privileged materials are handled and how to document refusals or disputes that may arise at the scene.
Interviews, cautions and suspects’ rights
Distinguish civil/admin inquiries from criminal interviews under caution. Explain when a person becomes a suspect, when the right to legal counsel must be given, and how to administer legal warnings. Provide standard interview planning templates, guidance on recording, use of interpreters, presence of counsel, break rules, and when to suspend or terminate questioning. Cover how to create, verify and store interview statements and transcripts and how disclosure obligations are met.
Asset freezing, seizure and confiscation
Set out the provisional measures available: emergency freezing, restraint orders, seizure warrants and the legal tests to obtain them, including ex‑parte options where law allows. Explain asset management responsibilities (custody, valuation, maintenance costs) and third‑party claims procedures. Distinguish conviction‑based and non‑conviction regimes, describe extended and value‑based confiscation approaches, and set out the chain of steps from restraint through to disposal or victim restitution. Include templates for asset restraint applications and models for inter‑agency co‑ordination with the asset management office.
Domestic co‑operation mechanisms
Explain the legal gateways and operational means for sharing information domestically among tax, FIU, police, customs, financial and professional supervisors, anti‑corruption bodies and prosecution services. Document mandatory vs discretionary exchange regimes, standard referral formats, MOU templates, joint intelligence centre models, co‑location and secondment arrangements, and when to escalate matters to a joint investigation team or standing taskforce. Provide direct contact lists and practical rules for handling sensitive information.
International co‑operation and EOI
Describe formal international tools — MLA for criminal evidence and the Multilateral Convention and TIEA/DTA pathways for tax EOI — identifying the competent authorities, templates, standard data fields and expected timeframes. Explain the advantages of tax EOI in criminal matters (the MAAC’s “foreseeably relevant” standard) and when EOI may offer faster, more targeted access to financial records than MLA; give practical guidance on drafting effective requests and on managing confidentiality and use limitations. Include a directory of foreign competent points and instructions for urgent informal exchanges when lawful.
Financial analysis and methods of proof
Provide investigator‑level guidance on direct and indirect proofs: documentary tracing, bank deposits analysis, net worth/asset increase and expenditure/source‑and‑application techniques. Explain the typical data sources needed for each method, common adjustments (non‑taxable receipts, loans, transfers between accounts), and pitfalls to avoid. Reference examples of accepted methodologies in domestic case law and say when to involve forensic accounting specialists.
Communication, confidentiality and integrity
Set rules for internal and external communications including classification labels, release protocols, press handling, and FOI considerations. Describe investigator obligations for reporting suspected staff misconduct and the role of internal integrity units. Include procedures to protect whistleblowers and to handle sensitive intelligence when shared with other agencies or foreign partners.
Investigation file, disclosure and prosecution referral
Specify the minimum contents of an investigation file: referral materials, case plan, chain‑of‑custody records, interview transcripts, forensic reports, third‑party responses, asset restraint records and legal advice. Detail the referral packet required by prosecutors, the legal standard the prosecution will apply and the internal approval path for referral. Explain processes where prosecution is not pursued: closure templates, civil follow‑up or administrative tax adjustments and how to preserve evidence for future use.
Post‑case procedures and lessons learned
Set retention rules for material and the process to return or destroy seized items where law permits. Provide templates for post‑investigation reviews to capture operational lessons and to update manuals. Mandate reporting metrics and KPIs that link back to strategic objectives (cases opened, prosecutions, convictions, assets recovered, time to restraint, and inter‑agency referrals).
